Our gateway is a router which redirects all browsing traffic to a proxy server (Ubuntu 14.04.3). Proxy server then process and sends the traffic back to the router through a different interface. Proxy is also connected to the LAN .
Some computers in the LAN routes it's traffic directly to 192.168.0.2 which is the proxy server disregarding the default gateway (192.168.0.1) set in the network settigns. This has only identified with computers with static IP's for the moment. DHCP users do not have a problem. What could be the reason for this? How could we avoid this behaviour? Find a basic diagram of the network below.
Routing table of a machine with static IP
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.179 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.0.179 296
169.254.255.255 255.255.255.255 On-link 192.168.0.179 276
192.168.0.0 255.255.255.0 On-link 192.168.0.179 276
192.168.0.179 255.255.255.255 On-link 192.168.0.179 276
192.168.0.255 255.255.255.255 On-link 192.168.0.179 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.179 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.0.1 Default
Routing table of a DHCP machine
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.165 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.165 266
192.168.2.165 255.255.255.255 On-link 192.168.2.165 266
192.168.2.255 255.255.255.255 On-link 192.168.2.165 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.165 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.165 266
Answer
We managed to address this issue thanks to the tip given by joeqwerty. We were not using ICMP redirects to redirect the traffic. However both the Proxy server and the Router were sending ICMP redirects to the clients. Since neither of the devices had any use for this behaviour, we disabled ICMP redirects in both the devices and the issue never came back.
No comments:
Post a Comment